The cybersecurity incident that hit Microsoft in late 2023 also impacted the U.S. Department of Veteran Affairs (VA), the U.S. Agency for Global Media (USAGM), and the Peace Corps.
The company notified both organizations of the breach in March 2024, and even warned USAGM that the attackers may have stolen some data from the servers. Security data and personally identifiable information (PII) were likely not included.
“As our investigation continues, we have reached out to customers to let them know if they have corresponded with a Microsoft work email account that was compromised,” Microsoft spokesman Jeff Jones told The edge“We will continue to coordinate, support and assist our customers in taking mitigation measures.”
Midnight snowstorm
In late November 2023, Russian state-sponsored threat actors known as Midnight Blizzard (also known as Nobelium or Cozy Bear) targeted Microsoft and managed to steal sensitive information from certain high-level individuals, including senior executives. It’s not known exactly how many emails were accessed, but Microsoft said the compromised accounts included those of senior leadership and people working in cybersecurity and legal departments.
The attack was discovered on January 12, and Microsoft indicated that subsequent changes to its security approach could cause some disruption.
The company reported at the time how the attackers managed to compromise an old, non-productive test tenant account via a password spray attack.
The group used that access to gain access to “a very small percentage” of Microsoft’s corporate accounts, the company said.
“Some emails and attached documents” were stolen, Microsoft said, stating that the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had access to customer environments, production systems, source code, or AI systems.”